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(i) REAL PARTY IN INTEREST 

The Assignee of all right, title and interest to the above-referenced Application ! 
Hewlett-Packard (Canada) Co., a Canadian corporation. 



(ii) RELATED APPEALS AND INTERFERENCES 

U.S. Application Serial No. 09/611,463 filed June 7, 2000 is a continuation-in-part of the 
present application, and is also on appeal before the Board. Appellants, Appellants' legal 
representative, and the Assignee of the present application are not aware of any other prior or 
pending appeals, interferences or judicial proceedings which may be related to, directly affect or 
have a bearing on the Board's decision in the pending appeal. 
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(iii) STATUS OF CLAIMS 

Claims 1- 63 are pending in the Application. 

Claims rejected: 25-30, 45, 54 and 55 
Claims allowed: none 
Claims confirmed: none 

Claims withdrawn: 1-24, 31-44, 46-53 and 56-63 

Claims objected to: none 

Claims canceled: none 
Appellants appeal the rejections of claims 25-30, 45, 54 and 55. These claim rejections 
were the only claim rejections present in the Office Action ("Action") dated March 1, 2006 
which re-opened prosecution after Appellants' first appeal to the Board. Claims 25-30, 45, 54 
and 55 have been rejected at least twice. 
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(iv) STATUS OF AMENDMENTS 

A non-final rejection was made March 1, 2006. No amendments to the claims 
requested to be admitted after the non-final rejection. 



(v) SUMMARY OF CLAIMED SUBJECT MATTER 

Concise explanations of exemplary forms of the claimed invention: 



With respect to independent claim 25 

An exemplary form of the invention is directed to a graphical user interface for a security 
service for a computer network (Page 6, lines 12-20). The computer network comprises defined 
users (10, 12) (Figure 1), services and resources (56) (Figure 3). The graphical user interface (14, 
16, 26, 28) (Figure 1 and 5; Page 23, lines 5-8) displays a grid comprising nodes (94) laid out on 
a first and on a second axis, user labels (92) corresponding to defined users, and resource labels 
(90) corresponding to the defined services and resources. Each user label labels nodes aligned 
relative to the first axis of the grid. Each resource label labels nodes aligned relative to the 
second axis of the grid. In addition, the nodes in the grid corresponding to access policies for the 
defined users and defined services and resources for the computer network, correspond to the 
user and resource labels (Figure 5; Page 23, lines 5-15). 

With respect to independent claim 29 

Another exemplary form of the invention is directed to a graphical user interface for a 
security service for a computer network (Page 6, lines 12-20). The computer network comprises 
defined users (10, 12) (Figure 1) represented by a business relationship tree data structure (130- 
134, 140, 142) (Figures 8 and 9). The computer network further comprises services and 
resources (56) (Figure 3), represented by a resource tree data structure (100-124) (Figure 6). The 
graphical user interface comprises display means (14, 16, 26, 28) (Figure 1 and 5; Page 23, lines 
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5-8) for displaying a grid comprising nodes (94) laid out on a first axis and on a second axis, 
user labels (92) corresponding to the users in the business relationship tree data structure, and 
resource labels (90) corresponding to the defined services and resources in the resource tree data 
structure. Each user label labels nodes aligned relative to the first axis of the grid. Also, each 
resource label labels nodes aligned relative to the second axis of the grid. In addition, the nodes 
in the grid corresponding to access policies for the defined users and defined services and 
resources, correspond to the user and resource labels (Figure 5; Page 23, lines 5-15). 

With respect to independent claim 54 

Another exemplary form of the invention is directed to a method for displaying access 
policies for a security service for a computer network (Page 6, lines 12-20). The computer 
network comprises defined users, services and resources. The method comprises the step of 
displaying, on a computer display unit, a grid having nodes (94), laid out on a first and on a 
second axis. The method also comprises the step of displaying, on the grid, unit user labels 
corresponding to the user data (92). Each user label labels nodes aligned relative to the first axis 
of the grid. In addition, the method comprises displaying, on the grid, resource labels (90) 
corresponding to the services and resources data. Each resource label labels nodes aligned 
relative to the second axis of the grid. In addition, the nodes in the grid correspond to access 
policies for the defined users and defined services and resources for the computer network 
corresponding to the user and resource labels (Figure 5; Page 23, lines 5-15). 
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(vi) GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

The grounds to be reviewed in this appeal are: 

Whether Appellants' claims 25, 26, 27, 29, 54 and 55 are unpatentable under 35 U.S.C. § 
103(a) over Flint, et al., U.S. Patent No. 6,453,419 ("Flint"), in view of Freund, U.S. 
Patent No. 5,987,611. 

Additional Comment: 

The Action did not specifically state a statutory basis for the rejections of claims 28, 30 
and 45. However the Action does include a discussion of these dependent claims on pages 8 and 
9. This discussion is similar to the discussion of these claims on pages 8-10 of the earlier Action 
dated July 28,2005. 

However, the discussion of the rejections of claims 28, 30, and 45 in the present Action 
includes an opening paragraph at the top of page 8 in which claims 25, 26, 27, 29, 54 and 55 
where rejected under 35 U.S.C. § 102(b) over Flint. This statement of the rejection is not 
consistent with the discussion which follows. Thus it appears that the present Action likely 
includes an editing error and that the Examiner intended the 35 U.S.C. § 102(b) rejection over 
Flint (at the top of page 8) to be stated as a 35 U.S.C. § 103(a) rejection of claims 28, 30 and 45 
over Flint in view of Freund and further in view of Wiegel, U.S. Patent No. 6,484,261. 

As the exact statutory basis for all of the rejections is not clear, Appellants respectfully 
submit that the following additional or alternative grounds of rejection are to be reviewed in this 
appeal: 
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Whether Appellants' claims 25, 26, 27, 29, 54 and 55 are unpatentable under 35 U.S.C. § 
102(b) over Flint, et al., U.S. Patent No. 6,453,419 ("Flint"); and/or 



Whether Appellants' claims 28, 30 and 45 are unpatentable under 35 U.S.C. § 103(a) 
over Flint in view of Freund and further in view of Wiegel U.S. Patent No. 6,484,261. 

If the above list of grounds of rejection to be reviewed on appeal does not accurately mirror each 
of the rejections intended to be made by the Examiner, Appellants' reserve the right to present 
additional grounds to be reviewed on appeal in a future Reply Brief. 
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(vii) ARGUMENT 

Flint. U.S. Patent No. 6.453.419 

Flint is directed to a system and method for implementing a security policy. The system 
is operative to build access control rules with a graphical user interface (Figure 6a-6d, 7 and 8). 
The rules are displayed in the form of a decision tree comprised of nodes (60-66) (Figure 4) 
which make true or false decisions. Each decision leads to a branch which contains more nodes 
(Figure 4, Column 4, lines 8-11). 

Freund U.S. Patent No. 5.987.611 

Freund is directed to a method for managing internet access on a client computer 
(Abstract). Freund shows an interface (600a) (Figure 6B) which is capable of displaying lists of 
applications and associated processes of the applications (Column 22, line 60 to column 23, line 
15). Freund also shows an interface (700) (Figure 7A) which is capable of displaying lists of 
access rules (Column 24, lines 16-64). 

Wiesel U.S. Patent No. 6.484.261 

Wiegel is directed to graphical management of data communication policies in a network 
management system. The system comprises an administration component 206 which provides a 
mechanism for constructing representations of abstract network security policies. After a 
security policy is constructed, it is represented in a policy tree (316) as a named policy. (Figures 2 
and 3; Column 15, lines 57-60). 
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The 35 U.S.C. § 102 (b) Rejections 

The Applicable Legal Standards 

Anticipation pursuant to 35 U.S.C. § 102 requires that a single prior art reference contain 
all the elements of the claimed invention arranged in the manner recited in the claim. Connell v. 
Sears, Roebuck & Co., 722 F.2d 1542, 1548, 220 U.S.P.Q. 193, 198 (Fed. Cir. 1983). 

Anticipation under 35 U.S.C. § 102 requires, in a single prior art disclosure, each and 
every element of the claimed invention arranged in a manner such that the reference would 
literally infringe the claims at issue if made later in time. Lewmar Marine, Inc. v. Barient, Inc., 
827 F.2d 744, 747, 3 U.S.P.Q.2d 1766, 1768 (Fed. Cir. 1987). 

Anticipation by inherency requires that the Patent Office establish that persons skilled in 
the art would recognize that the missing element is necessarily present in the reference. To 
establish inherency the Office must prove through citation to prior art that the feature alleged to 
be inherent is "necessarily present" in a cited reference. Inherency may not be established based 
on probabilities or possibilities. It is plainly improper to reject a claim on the basis of 35 U.S.C. 
§ 102 based merely on the possibility that a particular prior art disclosure could or might be used 
or operated in the manner recited in the claim. In re Robertson, 169 F.3d 743, 49 U.S.P.Q. 2d 
1949 (Fed. Cir. 1999). 

It is respectfully submitted that the Action from which this appeal is taken does not meet 
these burdens. 
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Rejection under 35 U.S.C. § 102(b) over Flint 

Claims 25, 26, 27, 29, 54, and 55 were rejected under 35 U.S.C. § 102(b) as being 
anticipated by Flint. These rejections are respectfully traversed. 

As discussed previously, this rejection may have been made in error. The Action at the 
bottom of page 2 indicates that this rejection is now moot in view of the new ground of rejection 
of claims 25, 26, 27, 29, 54, and 55 under 35 U.S.C. § 103(a) over Flint in view of Freund. 
Nevertheless to ensure that this Appeal Brief responds to all of the rejections specifically stated 
in the Action, Appellants include the following arguments: 

Claim 25 

Claim 25 is an independent claim directed to a graphical user interface for a security 
service for a computer network. The Action acknowledges (at pages 3-5) that the following 
features, relationships, and steps (with respect to claim 54) are not disclosed in Flint: 

the computer network comprising defined users. 

• displaying, on a computer display unit, a grid having nodes, laid out on a 
first and on a second axis, 



• displaying, on the grid, unit user labels corresponding to the user data, each 
user label labeling nodes aligned relative to the first axis of the grid, and 

• displaying on the grid, resource labels corresponding to the services and 
resources data, each resource label labeling nodes aligned relative to the 
second axis of the grid, 

• whereby the nodes in the grid correspond to access policies for the defined 
users and defined services and resources for the computer network, 
corresponding to the user and resource labels. 

These features of claim 54 correspond to the following features recited in claim 25: 

• the computer network comprising defined users; 

• a grid comprising nodes laid out on a first and on a second axis, 

• user labels corresponding to defined users, each user label labeling nodes 
aligned relative to the first axis of the grid, 

• resource labels corresponding to the defined services and resources, each 
resource label labeling nodes aligned relative to the second axis of the grid, 
and 
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• the nodes in the grid corresponding to access policies for the defined users 

and defined services and resources for the computer network, corresponding 
to the user and resource labels. 

Claim 25 was rejected in the Action based "along similar rationale" as claim 54. It 
follows that the Office acknowledges that Flint does not disclose or suggest each of the features 
and relationships recited in claim 25. Therefore Flint can not anticipate claim 25. Appellants 
respectfully submit that the 35 U.S.C. § 102(b) rejection should be reversed. It follows that the 
rejections of claims 26-28 which depend from claim 25 should also be reversed. 

Claim 26 

Claim 26 depends from claim 25. Column 3, lines 31-47 of Flint do not as alleged in the 
Action show the features and relationships recited in claim 26. This referenced portion of Flint 
discusses defining Regions (e.g. Sales Office, Worldwide Customer Service) to which one or 
more networks are assigned (Column 3, lines 39-43). This referenced portion of Flint does not 
disclose or suggest a user definition component for defining a business relationship tree data 
structure representing a set of the defined users. Although Figure 3 includes text adjacent the 
R&D network box (32) corresponding to USER1, USER2, etc., nowhere does Flint disclose or 
suggest that such text is defined using a user definition component which is capable of defining a 
business relationship tree data structure representing a set of defined users. Further, nowhere 
does Flint disclose or suggest that the system of Flint is capable of displaying user labels in a 
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graphical user interface corresponding to the business relationship tree data structure defined 
using a user definition component. 

Flint does not explicitly or inherently teach these recited features and relationships and 
therefore does not anticipate claim 26. 

Claim 27 

Claim 27 depends from claim 25. Column 3, line 61, to column 4, line 7, of Flint does 
not as alleged in the Action show the features and relationships recited in claim 27. Rather, this 
referenced portion of Flint describes features of nodes that can be included in a decision tree. 
Flint states that nodes can check for criteria as the time of day, whether the connection uses the 
appropriate authentication or encryption, the user or groups initiating the connection request, or 
the IP address or host of the connection. Also, Flint states that each node is compared against an 
incoming connection request and it is determined whether the connection is allowed or denied 
based on the result of the node comparison. 

Although this referenced portion of Flint discloses the ability of Flint to create decision 
trees to represent an access rule, nowhere does Flint disclose or suggest taking the information 
from such a decision tree and producing a different view of the underlying data in which nodes 
corresponding to access policies are included on a grid and labeled on one axis with a 
corresponding user label and another axis by a corresponding resource label. 

Nowhere does Flint disclose or suggest that the system of Flint is capable of displaying 
resource labels in a graphical user interface corresponding to the resource tree data structure 
defined using a resource definition component 
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Flint does not explicitly or inherently teach these recited features and relationships and 
therefore does not anticipate claim 27. 

Claim 29 

Claim 29 is an independent claim directed to a graphical user interface for a security 
service for a computer network. The Action acknowledges (at pages 3-5) that the following 
features, relationships, and steps (with respect to claim 54) are not disclosed in Flint: 

• displaying, on a computer display unit, a grid having nodes, laid out on a 
first and on a second axis, 

• displaying, on the grid, unit user labels corresponding to the user data, each 
user label labeling nodes aligned relative to the first axis of the grid, and 

• displaying on the grid, resource labels corresponding to the services and 
resources data, each resource label labeling nodes aligned relative to the 
second axis of the grid, 

• whereby the nodes in the grid correspond to access policies for the defined 
users and defined services and resources for the computer network, 
corresponding to the user and resource labels. 
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These features of claim 54 correspond to the following features recited in claim 29: 

a grid comprising nodes laid out on a first axis and on a second axis, 

• user labels corresponding to the users in the business relationship tree data 
structure, each user label labeling nodes aligned relative to the first axis of 
the grid, and 

• resource labels corresponding to the defined services and resources in the 
resource tree data structure, each resource label labeling nodes aligned 
relative to the second axis of the grid, 

• the nodes in the grid corresponding to access policies for the defined users 
and defined services and resources, corresponding to the user and resource 
labels. 

It follows that the Office acknowledges that Flint does not disclose or suggest each of the 
features and relationships recited in claim 29. Therefore Flint can not anticipate claim 29. 
Appellants respectfully submit that the 35 U.S.C. § 102(b) rejection should be reversed. It 
follows that the rejection of claim 30 which depends from claim 29 should also be reversed. 
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Claim 54 

Claim 54 is an independent claim directed to a method for displaying access policies for a 
security service for a computer network. The Action acknowledges (at pages 3-5) that the 
following features, relationships and steps recited in claim 54 are not disclosed in Flint: 

• the computer network comprising defined users. 

• displaying, on a computer display unit, a grid having nodes, laid out on a 
first and on a second axis, 

• displaying, on the grid, unit user labels corresponding to the user data, each 
user label labeling nodes aligned relative to the first axis of the grid, and 

• displaying on the grid, resource labels corresponding to the services and 
resources data, each resource label labeling nodes aligned relative to the 
second axis of the grid, 

• whereby the nodes in the grid correspond to access policies for the defined 
users and defined services and resources for the computer network, 
corresponding to the user and resource labels. 
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It follows that Flint can not anticipate claim 54. Appellants respectfully submit that the 
35 U.S.C. § 102(b) rejection should be reversed. It follows that the rejection of claim 55 which 
depends from claim 54 should also be reversed. 



Claim 55 

Claim 55 depends from claim 54. The Action has not shown where Flint teaches or 
suggests a program storage device readable by a machine which tangibly embodies a program of 
instructions executable by the machine. Further, as discussed previously, Flint does not disclose 
or suggest any machine capable of perform the method steps recited in claim 54. 

Flint does not explicitly or inherently teach these recited features and relationships and 
therefore does not anticipate claim 55. 



The 35 U.S.C. § 103 (a) Rejections 

The Applicable Legal Standards 

Before a claim may be rejected on the basis of obviousness pursuant to 35 U.S.C. § 103, 
the Patent Office bears the burden of establishing that all the recited features and relationships of 
the claim are known in the prior art. This is known as prima facie obviousness. To establish 
prima facie obviousness, it must be shown that all the elements and relationships recited in the 
claim are known in the prior art. If the Office does not produce a prima facie case, then the 
Appellants are under no obligation to submit evidence of nonobviousness. MPEP § 2142 (Eighth 
Edition, August 2001; Rev. 2, May 2004). 
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The evidence of record must teach or suggest the recited features. An assertion of basic 
knowledge and common sense not based on any evidence in the record lacks substantial evidence 
support. In re Zurko, 258 F.3d 1379, 59 U.S.P.Q.2d 1693 (Fed. Cir. 2001). 

Even if all of the features recited in the claim are known in the prior art, it is still not 
proper to reject a claim on the basis of obviousness unless there is a specific teaching, 
suggestion, or motivation in the prior art to produce the claimed combination. Panduit Corp. v. 
DennisonMfg. Co., 810 F.2d 1561, 1568, 1 U.S.P.Q.2d 1593 (Fed. Cir. 1987). In re Newell, 891 
F.2d 899, 901, 902, 13 U.S.P.Q.2d 1248, 1250 (Fed. Cir. 1989). 

The teaching, suggestion, or motivation to combine the features in prior art references 
must be clearly and particularly identified in such prior art to support a rejection on the basis of 
obviousness. It is not sufficient to offer a broad range of sources and make conclusory 
statements. In re Dembiczak, 50 U.S.P.Q.2d 1614, 1617 (Fed. Cir. 1999). 

A determination of patentability must be based on evidence of record. In re Lee, 277 
F.3d 1338, 61 U.S.P.Q.2d 1430 (Fed. Cir. 2002). 

It is respectfully submitted that the Action from which this appeal is taken does not meet 
these burdens. 

Rejection under 35 U.S.C. § 103(a) over Flint in view of Freund 

Claims 25, 26, 27, 29, 54, and 55 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Flint in view of Freund. These rejections are respectfully traversed. 
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Claim 25 

Claim 25 is an independent claim directed to a graphical user interface for a security 
service for a computer network. As discussed previously the Action acknowledges (with respect 
to claim 54) that the following features recited in claim 25 are not disclosed in Flint: 

• a grid comprising nodes laid out on a first and on a second axis, 

• user labels corresponding to defined users, each user label labeling nodes 
aligned relative to the first axis of the grid, 

• resource labels corresponding to the defined services and resources, each 
resource label labeling nodes aligned relative to the second axis of the grid, 
and 

• the nodes in the grid corresponding to access policies for the defined users 
and defined services and resources for the computer network, corresponding 
to the user and resource labels. 
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However, the Action (with reference to claim 54) now asserts that these features missing from 
Flint are taught by Freund. Appellants disagree. 

Nowhere do the user interfaces (600, 600a) shown in Figures 6A and 6B of Freund show 
grids with these recited features. These interfaces include an application panel (610, 610a) with 
an outline (hierarchical) or tree- structure view that displays a plurality of applications and their 
respective processes. Although each listed application and process is associated with a 
respective node (611, 612), Freund does not disclose or suggest that the tree-structures ever have 
an organization which would enable nodes in the tree-structure to have corresponding user labels 
and resource labels on axes of the grid. 

Nowhere does Freund disclose or suggest a grid comprising nodes which are labeled 
along a first axis with user labels and are labeled on a second axis with resource labels. Rather, 
the nodes taught in Freund (e.g. application (611) nodes and process (612) nodes) are only 
represented by icons and descriptive text on the node itself. The application panel (610, 610a) 
does not show user labels which label nodes aligned relative a first axis of a grid and resource 
labels which label the nodes aligned relative a second axis of the grid. 

In addition, claim 25 specifically recites that the nodes in the grid corresponding to access 
policies for the defined users and defined services and resources for the computer network, 
correspond to the user and resource labels. Nowhere does Freund teach or suggest that the nodes 
in the tree- structure of the application panel (610,610a) correspond to access policies. Rather 
such nodes correspond to applications and associated processes of the applications. Nowhere 
does Freund teach that such nodes in the application panel (610,610a) may correspond to access 



policies. Rather Freund shows lists of "access rules" in a separate user interface or "wizard" 
(700) (Figures 7A-K; Column 24, lines 16-20) and not as nodes as recited in the claim. 

For example, Figure 7A of Freund shows an interface (700) that displays a listing of 
access rules (Column 24, lines 40-44). For a selected access rule (723), the interface displays 
detailed information about the rule in a details panel (730). However, nowhere does Freund 
disclose or suggest that such rules are ever displayed as nodes in a grid. Further nowhere does 
Freund disclose or suggest displaying user labels on a first axis of a grid which label the access 
rules aligned relative to a first axis or displaying resource labels on a second axis of the grid 
which label the access rules aligned relative to the second axis. Thus, nowhere does Freund 
disclose or suggest displaying access rules for defined users and defined services and resources 
on a grid in alignment with their corresponding respective user and resource labels on the axes of 
the grid. 

In addition, the rejection relies on conclusory statements, not evidence of record. For 
example, to support the rejections of the claims, the Action relies on conclusory statements such 
as (with respect to claim 54) "the grid like appearance claimed is a common display in 
spreadsheet database applications" (pages 5). However, the Action's mere assertions do not 
constitute the required prior art evidence of record, and thus lack substantial evidence support. 
The determination of patentability must be based on evidence of record, not on unsubstantiated 
assertions. As the evidence of record does not support the rejection, the claims should be 
allowed. In re Zurko, 258 F.3d 1379, 59 U.S.P.Q.2d 1693 (Fed. Cir. 2001). In re Lee, 277 F.3d 
1338, 61 U.S.P.Q.2d 1430 (Fed. Cir. 2002). MPEP § 2144.03. 
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In addition (with respect to claim 54), the Action states that "it would have been obvious 
... to modify a security service for a computer network taught in '419 [Flint] to include a means 
to configure and administer user policy. One of ordinary skill in the art would have been 
motivated to perform such a modification to increase security". To support this assertion, the 
Action references Column 3, lines 4 et seq. of Freund. 

However regardless of whether it would be obvious to combine features of Freund 
directed to configuring and administrating access polices into Flint, such a combination (at best) 
would only produce a system for implementing a security policy for applications on a client using 
interfaces (600,600a) which list applications and processes and/or an interface (700) which lists 
access rules. The Action has still failed to show any prior art teaching, suggestion, or motivation 
to modify either Flint or Freund to include the features recited in claim 25 directed to a graphical 
user interface that displays nodes in a grid corresponding to access policies, which nodes are 
aligned with corresponding respective user labels on a first axis and resource labels on a second 
axis of the grid. 

The applied references do not disclose or suggest each of the features and relationships 
recited in claim 25 and the Office has not established prima facie obviousness. Also, as nothing 
in the cited art discloses or suggests the features and relationships that are specifically recited in 
the claim, and because there is no prior art teaching, suggestion or motivation cited for 
combining features of the cited references so as to produce Appellants' invention, it is 
respectfully submitted that claim 25 is allowable for these reasons. Therefore, it is respectfully 
submitted that the 35 U.S.C. § 103(a) rejection should be reversed. It follows that claims 26-28 
which depend from claim 25 are likewise allowable. 
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Claim 26 

Claim 26 depends from claim 25. Column 3, lines 31-47 of Flint do not as alleged in the 
Action show the features and relationships recited in claim 26. This referenced portion of Flint 
discusses defining Regions (e.g. Sales Office, Worldwide Customer Service) to which one or 
more networks are assigned (Column 3, lines 39-43). This referenced portion of Flint does not 
disclose or suggest a user definition component for defining a business relationship tree data 
structure representing a set of the defined users. Although Figure 3 includes text adjacent the 
R&D network box (32) corresponding to USER1, USER2, etc., nowhere does Flint disclose or 
suggest that such text is defined using a user definition component which is capable of defining a 
business relationship tree data structure representing a set of defined users. Further, nowhere 
does Flint disclose or suggest that the system of Flint is capable of displaying user labels in a 
graphical user interface corresponding to the business relationship tree data structure defined 
using a user definition component. 

Neither Flint nor Freund discloses or suggests each of the features and relationships 
recited in the claim. The Office has not established prima facie obviousness with respect to 
claim 26, and it is respectfully submitted the rejection should be reversed. 

Claim 27 

Claim 27 depends from claim 25. Column 3, line 61, to column 4, line 7 of Flint does not 
as alleged in the Action show the features and relationships recited in claim 27. Rather, this 
referenced portion of Flint describes features of nodes that can be included in a decision tree. 
Flint states that nodes can check for criteria as the time of day, whether the connection uses the 
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appropriate authentication or encryption, the user or groups initiating the connection request, or 
the IP address or host of the connection. Also, Flint states that each node is compared against an 
incoming connection request and it is determined whether the connection is allowed or denied 
based on the result of the node comparison. 

Although this referenced portion of Flint discloses the ability of Flint to create decision 
trees to represent an access rule, nowhere does Flint disclose or suggest taking the information 
from such a decision tree and producing a different view of the underlying data in which nodes 
corresponding to access policies are included on a grid and labeled on one axis with a 
corresponding user label and another axis by a corresponding resource label. 

Nowhere does Flint disclose or suggest that the system of Flint is capable of displaying 
resource labels in a graphical user interface corresponding to the resource tree data structure 
defined using a resource definition component. 

Neither Flint nor Freund discloses or suggests each of the features and relationships 
recited in the claim. The Office has not established prima facie obviousness with respect to 
claim 27, and it is respectfully submitted the rejection should be reversed. 

Claim 29 

Claim 29 is an independent claim directed to a graphical user interface for a security 
service for a computer network. As discussed previously the Action acknowledges (with respect 
to claim 54) that the following features recited in claim 29 are not disclosed in Flint: 
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a grid comprising nodes laid out on a first axis and on a second axis, 



• user labels corresponding to the users in the business relationship tree data 
structure, each user label labeling nodes aligned relative to the first axis of 
the grid, and 

• resource labels corresponding to the defined services and resources in the 
resource tree data structure, each resource label labeling nodes aligned 
relative to the second axis of the grid, 

• the nodes in the grid corresponding to access policies for the defined users 
and defined services and resources, corresponding to the user and resource 
labels. 

However, the Action now asserts that these features missing from Flint are taught by Freund. 
Appellants disagree. 

The Action asserts that column 26, lines 18-30 of Freund shows "a grid comprising nodes 
laid out on a first axis and on a second axis". Appellants disagree. This referenced portion of 
Freund discuses Figure 7F which shows a wizard dialog (740) that allows a user to define a set 
which includes or excludes people, computers, and/or groups thereof. Such a set is selected from 
an outline list (761) in the dialog (740). However, nowhere does this portion of Freund, or any 
other portion of Freund disclose or suggest a grid comprising nodes laid out on a first axis with 
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user labels and on a second axis with resource labels. Thus neither Freund nor Flint disclose or 
suggest this recited feature. 

In addition the Action asserts that column 22, lines 44-59 and column 7, lines 17-29 of 
Freund shows "each user label labeling nodes aligned relative to the first axis of the grid". 
Appellants disagree. Column 22, lines 44-59 of Freund discusses the interface (600) shown in 
Figure 6A which is capable of listing applications and processes (see Figure 6B). Such 
applications/processes can be filtered by users (e.g. current user or another named user). 
Column 7, lines 17-29 of Freund discuses that the description of Freund is not limited to any 
particular one application or any particular environment. 

Figure 6B shows the user text "Gregor Freund" on the interface (600b). Presumably, the 
applications listed in the interface were filtered so as to only show applications executed by this 
user. However, this user text does not correspond to a user label for nodes in a grid. Nor is this 
user text aligned with any of the alleged nodes (611, 612) in the list of applications/processes. 

Thus neither in these portions of Freund pointed out in the Action or anywhere else in 
Freund, does Freund disclose or suggest a grid with user labels which label nodes in the grid 
aligned relative to the first axis of the grid. Thus neither Freund nor Flint discloses or suggests 
this recited feature. 

In addition, the Action asserts that column 22, line 60 to column 23, line 23 of Freund 
shows "each resource label labeling nodes aligned relative to the second axis of the grid, 
the nodes in the grid corresponding to access policies for the defined users and defined services 
and resources, corresponding to the user and resource labels". Appellants disagree that these 
portions of Freund disclose or suggest these features from claim 29. 
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Column 22, line 60 to column 23, line 23 of Freund discusses Figure 6B which shows an 
interface (600a) that is capable of listing currently executing applications and processes. 
Nowhere does the user interface shown in Figure 6B of Freund show grids with these recited 
features. Figure 6B shows an outline (hierarchical) or tree-structure view that lists applications 
and their respective processes. Although each listed application and process is associated with a 
respective node (611, 612), Freund does not disclose or suggest that the tree- structures ever has 
an organization which would enable nodes in the tree- structure to have corresponding user labels 
and resource labels on axes of the grid. 

Freund does not disclose or suggest a grid comprising nodes which are labeled on a 
second axis with resource labels and (as discussed previously) are labeled along a first axis with 
user labels). Rather, the nodes taught in Flint (e.g. application (611) nodes and process (612) 
nodes) are only represented by icons and descriptive text on the node itself. The application 
panel (610a) does not show resource labels along one axis and user labels along another axis 
which correspond to the respective nodes in the tree structure. 

In addition, claim 29 specifically recites that the nodes in the grid corresponding to access 
policies for the defined users and defined services and resources, correspond to the user and 
resource labels. Nowhere does Freund teach or suggest that the nodes in the tree-structure of the 
application panel (610a) correspond to access policies. Rather such nodes correspond to 
applications and associated processes of the applications. Nowhere does Freund teach that such 
nodes in the application panel (610a) may correspond to access policies. Rather Freund shows 
lists of "access rules" in a separate user interface or "wizard" (700) (Figures 7A-K; Column 24, 
lines 16-20) and not as nodes as recited in the claim. 
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For example, Figure 7A of Freund shows an interface (700) that displays a listing of 
access rules (Column 24, lines 40-44). For a selected access rule (723), the interface displays 
detailed information about the rule in a details panel (730). However, nowhere does Freund 
disclose or suggest that such rules are ever displayed as nodes in a grid. Further nowhere does 
Freund disclose or suggest displaying user labels on a first axis of a grid which label the access 
rules aligned relative to a first axis or displaying resource labels on a second axis of the grid 
which label the access rules aligned relative to the second axis. Thus, nowhere does Freund 
disclose or suggest displaying access rules for defined users and defined services and resources 
on a grid in alignment with their corresponding respective user and resource labels on the axes of 
the grid. 

In addition, the rejection relies on conclusory statements, not evidence of record. For 
example, to support the rejection of the claims, the Action relies on conclusory statements (with 
respect to claim 54) such as "the grid like appearance claimed is a common display in 
spreadsheet database applications" (pages 5). However, the Action's mere assertions do not 
constitute the required prior art evidence of record, and thus lack substantial evidence support. 
The determination of patentability must be based on evidence of record, not on unsubstantiated 
assertions. As the evidence of record does not support the rejection, the claims should be 
allowed. In re Zurko, 258 F.3d 1379, 59 U.S.P.Q.2d 1693 (Fed. Cir. 2001). In re Lee, 277 F.3d 
1338, 61 U.S.P.Q.2d 1430 (Fed. Cir. 2002). MPEP § 2144.03. 

In addition (with respect to claim 54), the Action states that "it would have been obvious . 
. . to modify a security service for a computer network taught in '419 [Flint] to include a means to 
configure and administer user policy. One of ordinary skill in the art would have been motivated 
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to perform such a modification to increase security". To support this assertion, the Action 
references Column 3, lines 4 et seq. of Freund. 

However regardless of whether it would be obvious to combine features of Freund 
directed to configuring and administrating access polices into Flint, such a combination (at best) 
would only produce a system for implementing a security policy for applications on a client using 
interfaces (600,600a) which list applications and processes and/or an interface (700) which lists 
access rules. The Action has still failed to show any prior art teaching, suggestion, or motivation 
to modify either Flint or Freund to include the features recited in claim 29 directed to display 
means for displaying nodes in a grid corresponding to access policies, which nodes are aligned 
with corresponding respective user labels on a first axis and resource labels on a second axis of 
the grid. 

The applied references do not disclose or suggest each of the features and relationships 
recited in claim 29 and the Office has not established prima facie obviousness. Also, as nothing 
in the cited art discloses or suggests the features and relationships that are specifically recited in 
the claim, and because there is no prior art teaching, suggestion or motivation cited for 
combining features of the cited references so as to produce Appellants' invention, it is 
respectfully submitted that claim 29 is allowable for these reasons. Therefore, it is respectfully 
submitted that the 35 U.S.C. § 103(a) rejection should be reversed. It follows that claim 30 
which depends from claim 29 is likewise allowable. 
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Claim 54 

Claim 54 is an independent claim directed to a method for displaying access policies for a 
security service for a computer network. As discussed previously the Action acknowledges that 
the following features recited in claim 54 are not disclosed in Flint: 

• the computer network comprising defined users. 

• displaying, on a computer display unit, a grid having nodes, laid out on a 
first and on a second axis, 

• displaying, on the grid, unit user labels corresponding to the user data, each 
user label labeling nodes aligned relative to the first axis of the grid, and 

• displaying on the grid, resource labels corresponding to the services and 
resources data, each resource label labeling nodes aligned relative to the 
second axis of the grid, 

• whereby the nodes in the grid correspond to access policies for the defined 
users and defined services and resources for the computer network, 
corresponding to the user and resource labels. 
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However, the Action now asserts that these features missing from Flint are taught by Freund. 
Appellants disagree. 

Nowhere do the user interfaces (600, 600a) shown in Figures 6A and 6B of Freund show 
grids with these recited features. These interfaces include an application panel (610, 610a) with 
an outline (hierarchical) or tree- structure view that displays a plurality of applications and their 
respective processes. Although each listed application and process is associated with a 
respective node (611, 612), Freund does not disclose or suggest that the tree-structures ever have 
an organization which would enable nodes in the tree-structure to have corresponding user labels 
and resource labels on axes of the grid. 

Nowhere does Freund disclose or suggest displaying a grid having nodes which are 
labeled along a first axis with user labels and are labeled on a second axis with resource labels. 
Rather, the nodes taught in Freund (e.g. application (611) nodes and process (612) nodes) are 
only represented by icons and descriptive text on the node itself. The application panel (610, 
610a) does not show displaying on a grid user labels which label nodes aligned relative a first 
axis of the grid and displaying on the grid resource labels which label the nodes aligned relative a 
second axis of the grid. 

In addition, claim 54 specifically recites that the nodes in the grid correspond to access 
policies for the defined users and defined services and resources for the computer network, 
corresponding to the user and resource labels. Nowhere does Freund teach or suggest that the 
nodes in the tree- structure of the application panel (610,610a) correspond to access policies. 
Rather such nodes correspond to applications and associated processes of the applications. 
Nowhere does Freund teach that such nodes in the application panel (610,610a) may correspond 



-33- 



to access policies. Rather Freund shows lists of "access rules" in a separate user interface or 
"wizard" (700) (Figures 7A-K; Column 24, lines 16-20) and not as nodes as recited in the claim. 

For example, Figure 7A of Freund shows an interface (700) that displays a listing of 
access rules (Column 24, lines 40-44). For a selected access rule (723), the interface displays 
detailed information about the rule in a details panel (730). However, nowhere does Freund 
disclose or suggest that such rules are ever displayed as nodes in a grid. Further nowhere does 
Freund disclose or suggest displaying user labels on a first axis of a grid which label the access 
rules aligned relative to a first axis or displaying resource labels on a second axis of the grid 
which label the access rules aligned relative to the second axis. Thus, nowhere does Freund 
disclose or suggest displaying access rules for defined users and defined services and resources 
on a grid in alignment with their corresponding respective user and resource labels on the axes of 
the grid. 

In addition, the rejection relies on conclusory statements, not evidence of record. For 
example, to support the rejection of the claims, the Action relies on conclusory statements such 
as "the grid like appearance claimed is a common display in spreadsheet database applications" 
(pages 5). The Action's mere assertions do not constitute the required prior art evidence of 
record, and thus lack substantial evidence support. The determination of patentability must be 
based on evidence of record, not on unsubstantiated assertions. As the evidence of record does 
not support the rejection, the claims should be allowed. In re Zurko, 258 F.3d 1379, 59 
U.S.P.Q.2d 1693 (Fed. Cir. 2001). In re Lee, 277 F.3d 1338, 61 U.S.P.Q.2d 1430 (Fed. Cir. 
2002). MPEP § 2144.03. 
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In addition, the Action states that "it would have been obvious ... to modify a security 
service for a computer network taught in '419 [Flint] to include a means to configure and 
administer user policy. One of ordinary skill in the art would have been motivated to perform 
such a modification to increase security". To support this assertion, the Action references 
Column 3, lines 4 et seq. of Freund. 

However regardless of whether it would be obvious to combine features of Freund 
directed to configuring and administrating access polices into Flint, such a combination (at best) 
would only produce a system for implementing a security policy for applications on a client using 
interfaces (600,600a) which list applications and processes and/or an interface (700) which lists 
access rules. The Action has still failed to show any prior art teaching, suggestion, or motivation 
to modify either Flint or Freund to include the features recited in claim 54 directed to a graphical 
user interface that displays nodes in a grid corresponding to access policies, which nodes are 
aligned with corresponding respective user labels on a first axis and resource labels on a second 
axis of the grid. 

The applied references do not disclose or suggest each of the features, relationships and 
steps recited in claim 54 and the Office has not established prima facie obviousness. Also, as 
nothing in the cited art discloses or suggests the features, relationships, and steps that are 
specifically recited in the claim, and because there is no prior art teaching, suggestion or 
motivation cited for combining features of the cited references so as to produce Appellants' 
invention, it is respectfully submitted that claim 54 is allowable for these reasons. Therefore, it 
is respectfully submitted that the 35 U.S.C. § 103(a) rejection should be reversed. It follows that 
claim 55 which depends from claim 54 is likewise allowable. 
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Claim 55 

Claim 55 depends from claim 54. The Action has not shown where Flint or Freund 
teaches or suggests a program storage device readable by a machine which tangibly embodies a 
program of instructions executable by the machine. Further, as discussed previously, Flint and 
Freund do not disclose or suggest any machine capable of performing the method steps recited in 
claim 54. 

Neither Flint nor Freund discloses or suggests each of the features and relationships 
recited in the claim. The Office has not established prima facie obviousness with respect to 
claim 55, and it is respectfully submitted the rejection should be reversed. 

Rejection under 35 U.S.C. § 103(a) over Flint in view of Freund and Wiegel 

Claims 28, 30, and 45 were presumed to be rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Flint in view of Freund and further in view of Wiegel. These presumed 
rejections are respectfully traversed. 

Claim 28 

Claim 28 depends from claim 25 and recites that the graphical user interface further 
comprises an access policy editor for defining the nodes in the grid. The access policy editor 
comprises means for graphically assembling icons representing policy rules to define an access 
policy for a user- specified node. 

Appellants disagree that it would be obvious to combine Wiegel with Flint and/or Freund. 
Nowhere does Flint disclose that any of its described nodes (60, 61, 62, 62.1, 62.2, 64, 64.1, 
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64.2. 64.3, 64.4, 66, 68, 70, 70.1, 70.2, 72, 74, 76, 78, 80, 102, 104, 106, 108, 110, 112, 114, 116, 
118, 120, 122, 124, 126, 128, 130, 132, 134 etc.) individually correspond to access policies. 
Also as discussed previously, Freund shows access rules in a list (Figure 7B). Freund does not 
disclose or suggest displaying access rules as nodes of a grid. Thus there is no teaching, 
suggestion or motivation in any of Wiegel, Flint or Freund to provide a graphical user interface 
editor to define the nodes of a grid. Therefore the rejection of claim 28 should be reversed. 

Further, Wiegel does not disclose or suggest the above described features and 
relationships recited in the parent claim 25, which are not disclose or suggested in Flint and 
Freund. Thus the Office has not established prima facie obviousness with respect to claim 28, 
and it is respectfully submitted the rejection should be reversed. 

Claim 30 

Claim 30 depends from claim 29 and recites that the grid comprises inheriting nodes and 
defining nodes, the defining nodes corresponding to access policies expressly defined by a policy 
manager, the graphical user interface further comprising means for displaying inherited access 
policies for inheriting nodes in the grid by propagating access policies from the defining nodes in 
the grid across the inheriting nodes below the defining nodes in each of the business relationship 
tree data structure and the resource tree data structure. 

Appellants disagree that it would be obvious to combine Wiegel with Flint and/or Freund. 
Nowhere does Flint disclose that any of its described nodes (60, 61, 62, 62.1, 62.2, 64, 64.1, 
64.2. 64.3, 64.4, 66, 68, 70, 70.1, 70.2, 72, 74, 76, 78, 80, 102, 104, 106, 108, 110, 112, 114, 116, 
118, 120, 122, 124, 126, 128, 130, 132, 134 etc.) individually correspond to access policies. 
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Further, nowhere in Column 13, lines 37-50, referenced in the Action or anywhere else in any of 
Wiegel, Flint, or Freund is there disclosed or suggested that the specific types of nodes shown in 
Flint are even capable of inheriting access policies from other nodes in the grid. In addition 
nowhere does Freund disclose or suggest that the access rules shown Figure 7B are capable of 
inheriting access rules from nodes in a grid. Therefore, there is no teaching suggestion or 
motivation in any of Wiegel, Flint or Freund to modify Flint to include in a graphical user 
interface means for displaying inherited access policies for inheriting nodes in the grid by 
propagating access policies from the defining nodes in the grid across the inheriting nodes below 
the defining nodes in each of the business relationship tree data structure and the resource tree 
data structure. Therefore, the rejection of claim 30 should be reversed. 

Further, Wiegel does not disclose or suggest the above described features and 
relationships recited in the parent claim 29, which are not disclose or suggested in Flint and 
Freund. Thus the Office has not established prima facie obviousness with respect to claim 30, 
and it is respectfully submitted the rejection should be reversed. 

Claim 45 

Claim 45 is a multiple dependent claim depending from claims 25, 26, and 30. The 
Action has not shown where Flint, Wiegel, or Freund teaches or suggests a computer program 
product comprising a computer usable medium having computer readable program code means 
embodied in said medium for implementing the graphical user interface. In addition, Wiegel 
does not disclose or suggest the above described features and relationships recited in the parent 
claims 25, 26, or 30, which are not disclose or suggested in Flint and Freund. Thus the Office 
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has not established prima facie obviousness with respect to claim 45, and it is respectfully 
submitted the rejection should be reversed. 

CONCLUSION 

Each of Appellants' pending claims specifically recites elements, features, relationships, 
and steps that are neither disclosed nor suggested in any of the applied prior art. Furthermore, 
the applied prior art is devoid of any teaching, suggestion, or motivation for producing the recited 
invention. For these reasons, it is respectfully submitted that all the pending claims are 
allowable. 

Respectfully submitted, 

/Christopher L. Parmelee/ 

Christopher L. Parmelee Reg. No. 42,980 
WALKER & JOCKE 
231 South Broadway 
Medina, Ohio 44256 
(330) 721-0000 
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(viii) CLAIMS APPENDIX 

25. A graphical user interface for a security service for a computer network, the computer 
network comprising defined users, services and resources, the graphical user interface displaying 

a grid comprising nodes laid out on a first and on a second axis, 

user labels corresponding to defined users, each user label labeling nodes aligned 
relative to the first axis of the grid, 

resource labels corresponding to the defined services and resources, each resource 
label labeling nodes aligned relative to the second axis of the grid, and 

the nodes in the grid corresponding to access policies for the defined users and defined 
services and resources for the computer network, corresponding to the user and resource 
labels. 

26. The graphical user interface of claim 25 further comprising a user definition component for 
defining a business relationship tree data structure representing a set of the defined users and in 
which the user labels displayed by the graphical user interface correspond to the business 
relationship tree data structure. 

27. The graphical user interface of claim 25 further comprising a resource definition component 
for defining a resource tree data structure representing a set of the defined services and resources 
and in which the resource labels displayed by the graphical user interface correspond to the 
resource tree data structure. 
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28. The graphical user interface of claim 25 further comprising an access policy editor for 
defining the nodes in the grid, the access policy editor comprising means for graphically 
assembling icons representing policy rules to define an access policy for a user- specified node. 

29. A graphical user interface for a security service for a computer network, the computer 
network comprising defined users represented by a business relationship tree data structure, the 
computer network further comprising services and resources, represented by a resource tree data 
structure, the graphical user interface comprising display means for displaying 

a grid comprising nodes laid out on a first axis and on a second axis, 

user labels corresponding to the users in the business relationship tree data structure, each 
user label labeling nodes aligned relative to the first axis of the grid, and 

resource labels corresponding to the defined services and resources in the resource tree 
data structure, each resource label labeling nodes aligned relative to the second axis of the 
grid, 

the nodes in the grid corresponding to access policies for the defined users and defined 
services and resources, corresponding to the user and resource labels. 

30. The graphical user interface of claim 29, the grid comprising inheriting nodes and defining 
nodes, the defining nodes corresponding to access policies expressly defined by a policy 
manager, the graphical user interface further comprising means for displaying inherited access 
policies for inheriting nodes in the grid by propagating access policies from the defining nodes in 
the grid across the inheriting nodes below the defining nodes in each of the business relationship 
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tree data structure and the resource tree data structure. 

45. A computer program product for use with a security service for a computer network, said 
computer program product comprising a computer usable medium having computer readable 
program code means embodied in said medium for implementing the graphical user interface of 
claim 25, 26, or 30. 

54. A method for displaying access policies for a security service for a computer network, the 
computer network comprising defined users, services and resources, the method comprising the 
steps of: 

displaying, on a computer display unit, a grid having nodes, laid out on a first and on a 
second axis, 

displaying, on the grid, unit user labels corresponding to the user data, each user label 
labeling nodes aligned relative to the first axis of the grid, and 

displaying on the grid, resource labels corresponding to the services and resources data, 
each resource label labeling nodes aligned relative to the second axis of the grid, 

whereby the nodes in the grid correspond to access policies for the defined users and defined 
services and resources for the computer network, corresponding to the user and resource 
labels. 



55. A program storage device readable by a machine, tangibly embodying a program of 
instructions executable by the machine to perform the method steps of claim 52, 53 or 54. 
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(ix) EVIDENCE APPENDIX 

(None) 
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(x) RELATED PROCEEDINGS APPENDIX 

No decisions have been rendered by a court or the Board with respect to U.S. application 
serial no. 09/611,463 filed June 7, 2000. 
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